Nowadays, the virtual private network (VPN) is an important technique for providing a safe and dedicated communication connection over the public Internet. However, it is not easy for general users to set up a VPN. For users who have to use VPNs, how to provide safe and convenient connection and access to the VPN is an important issue. Complicated procedures for setting up application programs, and various limitations on accessing network resources, cause great inconvenience to users. To simplify the setup of a VPN, some commercially available products suggest using Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) as a communication channel to establish a VPN, so that a user can determine which subnets in the VPN are accessible without understanding all the complicated procedures of setting up the VPN. As for establishing the connection of an Internet Protocol Security (IPSec) VPN, using HTTPS as the communication channel and using the Microsoft Windows IPSec utility to establish the connection are already known techniques. However, because completing the IPSec-related settings through the Local Security Policy is highly complicated, the currently available technique can only provide access to a single subnet.
With the currently available network techniques, network environments are growing rapidly, and most enterprise networks have different network routings for different departments. Providing access to a single subnet can no longer satisfy this requirement. Currently, most small and medium business routers provide multiple subnets, and even many SOHO routers are equipped with this function as well. With regard to information security, using virtual local area network (VLAN) techniques to separate networks into a user network and a resource network is also a widely adopted practice in network management. Therefore, a VPN that can only provide access to a single subnet causes great inconvenience to users. In addition, if all important resources have to be placed in one subnet because of the limits on VPN accessibility, complications and security issues may arise in network management.
The conventional IPSec VPN application software adopting the Microsoft Windows IPSec utility has another disadvantage with regard to network addressing: the IPSec tunnel it establishes uses a host-to-gateway mode. Thus, the source IP address of each packet is the address of the computer running the application software, and this IP address might be a public IP address. When a user adopts such application software to establish the IPSec tunnel and connect to an intranet, a packet with such a public IP address might be detoured by a local default route in the intranet, resulting in network latency. Further, packet loss might occur and cause problems in network management when the enterprise firewall does not allow this type of packet in the local area network.
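The addressing problem described above can be modelled with a routing lookup and a firewall check. This is an added example, not part of the original text: the routing table, the firewall policy, the next-hop names and the private tunnel pool `10.99.0.0/24` (included only for contrast) are all constructed assumptions.

```python
import ipaddress

# Constructed intranet routing table (assumed values): prefix -> next hop.
ROUTES = {
    "10.1.0.0/16": "lan-core",        # user network
    "10.2.0.0/16": "lan-core",        # resource network
    "10.99.0.0/24": "vpn-gateway",    # hypothetical private pool behind the VPN gateway
    "0.0.0.0/0": "internet-edge",     # local default route
}
# Constructed LAN firewall policy: only RFC 1918 sources are accepted.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def next_hop(dst):
    """Longest-prefix match of dst against ROUTES."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in ROUTES.items()
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def firewall_allows(src):
    """True if the LAN firewall accepts a packet with this source address."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in RFC1918)


def analyse(tunnel_src):
    """Return (accepted_on_lan, next_hop_for_replies) for a tunnel source IP.

    Replies from an intranet server are addressed to tunnel_src, so the
    intranet routes them by looking that address up as a destination.
    """
    return firewall_allows(tunnel_src), next_hop(tunnel_src)


if __name__ == "__main__":
    # 203.0.113.25 is a documentation address standing in for a public IP.
    for src in ("203.0.113.25", "10.99.0.7"):
        ok, hop = analyse(src)
        print(f"{src}: firewall accepts={ok}, replies leave via {hop}")
```

With the public source address, replies match only the default route and the LAN firewall rejects the packet; with an address from the assumed private pool, replies go back to the VPN gateway.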